動画検索
関連広告
検索結果
Intro
Start of nmap, examining the page discovering its all static with no user input
Examining the source code of the website
Running the javascript through a beutifier so we can easily read this, and finding another web endpoint
Going to api-prod.horizontall.htb, running gobuster and examining the endpoints
Navigating to /admin brings us to a STRAPI login, searching for exploits and finding an RCE
Lightly reading the exploit script, we will go more in depth at the end of this video
Getting a reverse shell
Reverse shell returned, looking for how the webapp talks to the database
Explaining why this nginx server uses proxy_pass and has a node app listening on port 1337
Dropping an SSH Key and using SSH to access this box, no privilege escalation yet just wanted a better shell
Having a lot of trouble with getting data out of the MySQL Database, not exactly sure what went wrong here.
Going over the LinPEAS Output and discovering port 8000 running laravel
Going over why we cant see processes from other users
Using SSH to tunnel port 8000 to our box, allowing us to access laravel, finding out laravel is in debug mode
Finding an exploit and executing code as laravel.
First script didn't work, looking to see if there are others. This one didn't require absolute paths, which allows it to work! Getting root
Looks like there's some bad characters with our reverse shell, switching to a web cradle and getting root
Explaining why this box isn't the box I wanted to show off FeroxBuster (Recursive Searching on API wouldn't work)
Looking at the STRAPI Exploit and showing how the patch worked
Comparing PHP Exploits
求める情報が見つからない場合は、キーワードや指定した条件を変えてみてください。